CN113282889A - license authorization method, device and system - Google Patents
license authorization method, device and system Download PDFInfo
- Publication number
- CN113282889A CN113282889A CN202110550471.XA CN202110550471A CN113282889A CN 113282889 A CN113282889 A CN 113282889A CN 202110550471 A CN202110550471 A CN 202110550471A CN 113282889 A CN113282889 A CN 113282889A
- Authority
- CN
- China
- Prior art keywords
- license
- information
- authority
- server
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 43
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000006870 function Effects 0.000 claims description 41
- 230000002457 bidirectional effect Effects 0.000 claims description 6
- 230000002441 reversible effect Effects 0.000 claims description 6
- 230000002159 abnormal effect Effects 0.000 claims description 4
- 230000001172 regenerating effect Effects 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 claims 1
- 230000008569 process Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Remote Sensing (AREA)
- Multimedia (AREA)
- Radar, Positioning & Navigation (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a method, equipment and a system for l i pass authorization, wherein the l i pass authorization scheme covers complete protection for embedded equipment, can prevent copying and decompiling, and has the capability of managing and controlling the authority and the validity period of each function.
Description
Technical Field
The invention belongs to the technical field of license authorization, and particularly relates to a license authorization method, device and system.
Background
With the development of the internet of things, the networking function of hardware equipment is in a normal state at present, and the product value is gradually changed from the hardware value to the software added value.
At present, most embedded equipment products on the market basically have no license authorization scheme to prevent a copying board and embedded software from being decompiled, or even though the license authorization scheme exists, the embedded equipment products do not have the capacity of managing and controlling the authority and the validity period of each function, so that complete protection cannot be covered.
Disclosure of Invention
Therefore, aiming at the technical problems, a license authorization method, equipment and a system which are complete and reliable in protection are provided.
In order to solve the technical problems, the invention adopts the following technical scheme:
on one hand, the license authorization method is applied to the embedded equipment, and is characterized by comprising the following steps:
s101, detecting whether license files exist after each power-on, if yes, executing a step S102, and if not, executing a step S105;
s102, judging whether the license file is legal or not, if so, executing a step S103, otherwise, executing a step S104;
s103, analyzing functional module authority information and authority validity information from the license file, and providing corresponding functional authorization according to the functional module authority information and the authority validity information;
s104, stopping all functions;
s105, sending a license generation request to the server, and executing the step S106;
s106, receiving the feedback of the server, executing step S107 if the feedback is a license generation command, and executing step 104 if the feedback represents that the license is abnormal;
and S107, generating and storing a license file, wherein the license file comprises the authority information of the functional module and the authority validity period information.
On the other hand, a license authorization method is provided, which is applied to a server and is characterized by comprising the following steps:
receiving a license generation request sent by embedded equipment;
judging whether a license generation command is sent to the embedded device, if so, feeding back the exception of the license to the embedded device, and if not, feeding back the license generation command to the embedded device, wherein the license generation command comprises functional module authority information and authority validity period information.
In still another aspect, an embedded device is provided, wherein the device is configured to execute the license authorization method applied to the embedded device.
In still another aspect, a server is provided, wherein the server is configured to execute the license authorization method applied to the server.
In another aspect, a license authorization system is provided, which is characterized by including the above-mentioned embedded device and the above-mentioned server.
The license authorization scheme of the invention covers complete protection for the embedded equipment, can prevent copying and decompiling, and has the capability of managing and controlling the authority and the validity period of each function.
Drawings
The invention is described in detail below with reference to the following figures and detailed description:
fig. 1 is a flowchart of a license authorization method applied to an embedded device according to the present invention;
fig. 2 is a flowchart of a license authorization method applied to a server according to the present invention.
Detailed Description
As shown in fig. 1, an embodiment of the present specification provides a license authorization method applied to an embedded device, including:
s101, detecting whether license files exist after each power-on, if yes, executing step S102, and if not, executing step S105.
S102, judging whether the license file is legal or not, if so, executing a step S103, and if not, executing a step S104. The specific process is as follows:
and hashing the hardware feature code, the equipment type information and a preset character string, and judging whether the hash result is matched with the first data of the license file, if so, representing that the license file is legal, and if not, judging that the license file is illegal.
It is noted that in the case where the license file exists, the device type information is already obtained from the generate license command before generating the license file, see step S107 section.
S103, analyzing the authority information of the function module and the authority validity information from the license file, and providing corresponding function authorization according to the authority information of the function module and the authority validity information. The specific process is as follows:
and reversely decrypting the functional module authority information and the authority validity period information from the second data of the license file by using the first data of the license file as a key, and providing corresponding functional authorization according to the functional module authority information and the authority validity period information.
Preferably, the corresponding function authorization may be provided according to the global function authority information, the function module authority information and the authority validity period information corresponding to the device type information, which may be referred to as the description in the step S107.
Preferably, when providing the corresponding function authorization, further comprising:
1. and comparing the authority validity period with the current time, judging whether the authority validity period is legal or not, if so, providing corresponding function authorization according to the global function authority information and the function module authority information corresponding to the equipment type information, and if not, sending a license update request to the server.
2. And receiving a license update command sent by the server, and regenerating a license file according to the step S107.
And S104, stopping all functions.
S105, transmits a license generation request to the server, and executes step S106.
And S106, receiving the feedback of the server, executing the step S107 if the feedback is a license generation command, and executing the step 104 if the feedback represents that the license is abnormal.
And S107, generating a license file according to the license generation command, and storing the license file, wherein the license file comprises the functional module authority information and the authority validity period information.
In this embodiment, the license generation command includes device type information, function module permission information, and permission validity period information, global authorization may be performed on corresponding functions through the device type information, some pieces of scene hardware are completely the same, but the device types may be different, for example, the same iphone may be used, if the device type is iphone, a mobile phone function is authorized, and if the device type is itouch, only a walkman function is authorized, so that what program the hardware starts and what service is provided may be determined globally through the device type information in the license.
Of course, each function may be authorized separately only by the function module authority information.
The specific process of generating the license file is as follows:
1. and hashing the hardware feature code, the equipment type information and a preset character string to obtain first data.
2. And performing bidirectional reversible encryption on the authority information and the authority validity period information of the functional module by using the first data as a key to generate second data.
3. And splicing the first data and the second data to form a license file.
The hardware feature code is a unique hardware identifier of the embedded equipment, is used as a license authorization encryption seed, and adopts a hash algorithm and symmetric encryption (bidirectional reversible encryption) to be fused to be used as a core encryption algorithm, so that the scheme of one-machine one-secret, one-way encryption and bidirectional encryption decryption is realized, the decryption is not easy to occur, and the authorization protection capability is improved.
The license file has the authority information of the functional module and the authority validity information, so that the license file has the capability of managing and controlling the authority and validity of each function.
In this embodiment, the hardware feature code adopts a unique code of a single chip or a unique mac address of a sub-module (the unique information of the sub-module, the mac address has uniqueness, and the sub-module may be a network card, bluetooth, wifi module, or other modules), and the like.
The authority information of the function module is data of a plurality of bits (bit), for example, 32bit data is used as the authority information of the function module, wherein each bit represents a function, and 0 and 1 represent whether the mobile phone has the authority of the corresponding function, for example, the mobile phone has 4 functions, respectively including short message, telephone, internet access and music, which respectively correspond to 4 bits, if the authority information of the function module is 1101, the mobile phone only starts the corresponding functions of short message, telephone and music when running.
In the present embodiment, the hash algorithm uses SHA256 or other algorithm, and the reversible bidirectional encryption algorithm uses AES256 or other algorithm.
As shown in fig. 2, based on the same inventive concept, an embodiment of this specification further provides a license authorization method applied to a server, including:
s201, receiving a license generation request sent by the embedded device.
S202, judging whether a license generation command is sent to the current embedded device, if so, executing a step 203, and if not, executing a step 204.
203. And feeding back license exception to the embedded device.
204. And feeding back a license generation command to the embedded device.
The license generation command comprises equipment type information, function module authority information and authority validity period information. The license file generated by the embedded device comprises the authority information of the functional module and the authority validity information, so that the license management method and the license management system have the capability of managing and controlling the authority and validity of each function.
The method of the embodiment further comprises the following steps:
and receiving a license update request sent by the embedded equipment.
And if the corresponding user has renewed the fee, sending a license update command to the current embedded equipment.
In an actual application scenario, an embedded device is firstly accessed to the network, no license file exists, the embedded device requests a server to issue a license generation command, device type information, function module permission information and permission validity information in the license generation command issued by the server are issued, the embedded device hashes a hardware feature code + a device type + a sol (any character string) through a hash algorithm to obtain first data, then bidirectional reversible algorithm operation is performed on the function module permission information and the permission validity information by taking the first data as a key to generate second data, and the first data and the second data are spliced to form a license file to be stored.
After subsequent electrification, the embedded equipment firstly detects a license file, if the license file does not exist, the embedded equipment requests the server to generate, if the server has been issued before, the server refuses, informs a lower computer that the license is abnormal, and stops running the function; if yes, calculating a hash result according to a hash algorithm rule, comparing the hash result with first data in the license file, confirming whether the license file is legal, then using the first data as a secret key, calculating authority information and authority validity information of the functional module through a reversible algorithm, and then judging whether the authority and the authority validity of the functional module are legal.
If the license file is illegal, stopping all functions; and if the authority of the functional module and the authority validity period are illegal, the server is requested to update the license after the network is accessed, and the server determines whether to issue the license command again according to whether the user renews the fee or not.
Of course, the server can also actively issue a command to regenerate the license so as to change license products, function module authority information and authority validity period information.
Embodiments of the present specification also provide an embedded device configured to perform the steps according to various exemplary embodiments of the present invention described in the license authorization method section applied to the embedded device of the present specification.
The present specification also provides a server configured to perform the steps according to various exemplary embodiments of the present invention described in the license authorization method section applied to the server in the present specification.
An embodiment of the present specification further provides a license authorization system, which includes the foregoing embedded device and the foregoing server, and details are not described here.
For vehicle diagnosis, the embedded device is a lower computer, and the server is a cloud server.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
However, those skilled in the art should realize that the above embodiments are illustrative only and not limiting to the present invention, and that changes and modifications to the above described embodiments are intended to fall within the scope of the appended claims, provided they fall within the true spirit of the present invention.
Claims (10)
1. A license authorization method is applied to an embedded device and is characterized by comprising the following steps:
s101, detecting whether license files exist after each power-on, if yes, executing a step S102, and if not, executing a step S105;
s102, judging whether the license file is legal or not, if so, executing a step S103, otherwise, executing a step S104;
s103, analyzing functional module authority information and authority validity information from the license file, and providing corresponding functional authorization according to the functional module authority information and the authority validity information;
s104, stopping all functions;
s105, sending a license generation request to the server, and executing the step S106;
s106, receiving the feedback of the server, executing step S107 if the feedback is a license generation command, and executing step 104 if the feedback represents that the license is abnormal;
and S107, generating and storing a license file, wherein the license file comprises the authority information of the functional module and the authority validity period information.
2. A license authorization method according to claim 1, characterized in that the license generation command includes device type information, function module right information and right validity period information;
the step S107 further includes:
performing hash on the hardware feature code, the equipment type information and a preset character string to obtain first data;
the first data is used as a key to carry out bidirectional reversible encryption on the authority information and the authority validity period information of the functional module to generate second data;
and splicing the first data and the second data to form a license file.
3. A license authorization method according to claim 2, wherein the step S102 further comprises:
and hashing the hardware feature code, the equipment type information and a preset character string, and judging whether the hash result is matched with the first data of the license file, if so, representing that the license file is legal, and if not, judging that the license file is illegal.
4. A license authorization method according to claim 3, wherein the step S103 further comprises:
and reversely decrypting the functional module authority information and the authority validity information from the second data of the license file by using the first data of the license file as a secret key, and providing corresponding functional authorization according to the global functional authority information, the functional module authority information and the authority validity information corresponding to the equipment type information.
5. The license authorization method according to claim 4, wherein the step S103 further comprises:
comparing the validity period of the authority with the current time, judging whether the validity period of the authority is legal or not, if so, providing corresponding function authorization according to the global function authority information and the function module authority information corresponding to the equipment type information, and if not, sending a license update request to a server;
and receiving a license update command sent by the server, and regenerating a license file according to the step S107.
6. A license authorization method is applied to a server and is characterized by comprising the following steps:
receiving a license generation request sent by embedded equipment;
judging whether a license generation command is sent to the embedded device, if so, feeding back the exception of the license to the embedded device, and if not, feeding back the license generation command to the embedded device, wherein the license generation command comprises functional module authority information and authority validity period information.
7. A license authorization method according to claim 6, characterized in that the license generation command further includes device type information;
the method further comprises the following steps:
receiving a license updating request sent by embedded equipment;
and if the corresponding user has renewed the fee, sending a license updating command to the embedded equipment.
8. An embedded device, characterized in that the device is configured to perform a license authorization method according to any of claims 1-5.
9. A server, characterized in that the server is configured to perform a data transmission method according to claim 6 or 7.
10. A license authorization system, characterized in that it comprises an embedded device according to claim 8 and a server according to claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110550471.XA CN113282889A (en) | 2021-05-20 | 2021-05-20 | license authorization method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110550471.XA CN113282889A (en) | 2021-05-20 | 2021-05-20 | license authorization method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113282889A true CN113282889A (en) | 2021-08-20 |
Family
ID=77280215
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110550471.XA Pending CN113282889A (en) | 2021-05-20 | 2021-05-20 | license authorization method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113282889A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086575A (en) * | 2018-07-26 | 2018-12-25 | 郑州云海信息技术有限公司 | A kind of authorization method and system of software license |
| CN109284586A (en) * | 2018-08-27 | 2019-01-29 | 武汉达梦数据库有限公司 | A kind of soft ware authorization license implementation method and device |
| CN112346914A (en) * | 2020-09-30 | 2021-02-09 | 西安万像电子科技有限公司 | Authority management method, device and system |
| CN112818299A (en) * | 2021-01-29 | 2021-05-18 | 西安万像电子科技有限公司 | License control method and device |
-
2021
- 2021-05-20 CN CN202110550471.XA patent/CN113282889A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086575A (en) * | 2018-07-26 | 2018-12-25 | 郑州云海信息技术有限公司 | A kind of authorization method and system of software license |
| CN109284586A (en) * | 2018-08-27 | 2019-01-29 | 武汉达梦数据库有限公司 | A kind of soft ware authorization license implementation method and device |
| CN112346914A (en) * | 2020-09-30 | 2021-02-09 | 西安万像电子科技有限公司 | Authority management method, device and system |
| CN112818299A (en) * | 2021-01-29 | 2021-05-18 | 西安万像电子科技有限公司 | License control method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2628125B1 (en) | Method and apparatus for downloading drm module | |
| CN100578522C (en) | Electronic device, update method for same and integrated circuit | |
| JP5747981B2 (en) | System and method for remote maintenance of multiple clients in an electronic network using virtual machines | |
| US7526451B2 (en) | Method of transferring digital rights | |
| US20190140837A1 (en) | Remote Management Method, and Device | |
| US20090138699A1 (en) | Software module management device and program | |
| CN103282911A (en) | Method for interworking trust between a trusted region and an untrusted region, method, server, and terminal for controlling the downloading of trusted applications, and control system applying same | |
| CN103620556A (en) | Binding applications to device capabilities | |
| US20090089881A1 (en) | Methods of licensing software programs and protecting them from unauthorized use | |
| CN102165457A (en) | Ticket authorized secure installation and boot | |
| CN103095457A (en) | Login and verification method for application program | |
| US20140317704A1 (en) | Method and system for enabling the federation of unrelated applications | |
| US20110154436A1 (en) | Provider Management Methods and Systems for a Portable Device Running Android Platform | |
| CN114448648B (en) | Sensitive credential management method and system based on RPA | |
| EP1632943B1 (en) | Method of preventing multimedia copy | |
| US8595848B2 (en) | Method for moving rights object and method for managing rights of issuing rights object and system thereof | |
| US20110023083A1 (en) | Method and apparatus for digital rights management for use in mobile communication terminal | |
| CN102622251A (en) | Method and server for managing navigation software upgrading | |
| US20120311720A1 (en) | Method for protecting application and method for executing application using the same | |
| CN112528239A (en) | Method and device for automatically authorizing software | |
| CN113434824B (en) | Software service authorization management method, device, equipment and storage medium | |
| US20130219510A1 (en) | Drm/cas service device and method using security context | |
| CN113282889A (en) | license authorization method, device and system | |
| US11108744B2 (en) | Network encryption methods for realizing encryption of local area networks at the bottom layer driver of network cards of embedded devices | |
| KR100827070B1 (en) | Apparatus for management license data and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |